Jump to content

Password Protect my admin pages

jmr3460

By jmr3460
in PHP Coding Help

 Share

Recommended Posts

jmr3460 Regular Member

jmr3460

Posted
Posted

I am looking for a way to password protect my admin pages for multiple users. I was thinking that I can use a DB table with username and password as values.

 

I think that if a form is not set then echo a form that is a username and password. I think that it would need to set a cookie to authorize the same pages as long as they are in the same browser session. Can anyone help?

Link to comment
Share on other sites
lewisstevens1 Member

lewisstevens1

Posted
Posted

Well im not sure if this will help you. but i done something like that.

I first added a file called connect2.php where i had like my connection functions to connect then i created simple html doc called main_login.php where i just used input fields for the data

 

<input name="myusername" type="text" id="myusername"><input name="mypassword" type="text" id="mypassword">

 

 

then created a new file called checklogin.php

 

<?php

require_once 'connect2.php';

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Invalid Username or Password";
}
?>

 

then created a doc called login_success.php

 

<? 
session_start();
if(!session_is_registered(myusername)){
header("location:http://www.whatever.com
?>

 

then for the logout i used

<? 
session_start();
session_destroy();
header("location:http://www.whatever.com");
?>

 

something like that i think.

Link to comment
Share on other sites
jmr3460 Regular Member

jmr3460

Posted
  • Author
Posted

I am still working on it I seem to be getting an error with the $count:

$count=mysql_num_rows($result);

Can you help? Then it says that user and password not valid.

 

Could it also be the fact that I have not created my login_success.php or my logout yet.

Are these files the ones that redirect my to the actual page that I am protecting?

Link to comment
Share on other sites
jmr3460 Regular Member

jmr3460

Posted
  • Author
Posted

OK I am looking at another script. I have got it to where I redirects me back to my login page. I can't find out why it will not go though to my secret page. I think that it is not detecting the right password but I don't know to find that out. This is my codes:

<?php
//check for required fields from the form
if ((!isset($_POST["username"])) || (!isset($_POST["password"]))) {
header("Location: index.html");
exit;
}

//connect to server and select database
$host = 'localhost';
$username = 'simplic5_jmr3460';
$password = 'freedom98714';
$database ='simplic5_users';
$mysql = mysql_connect($host, $username, $password);
mysql_select_db($database);
//$mysqli = mysql_connect("$host", "$username","$password","simplic5_users");


//create and issue the query
$sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysql_query($sql) or die(mysql_error($mysql, $sql, $result));

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {

//if authorized, get the values of f_name l_name
while ($info = mysql_fetch_array($result)) {
	$f_name = stripslashes($info['f_name']);
	$l_name = stripslashes($info['l_name']);
}

//set authorization cookie
setcookie("auth", "1", 0, "/", "localhost", 0);

//create display string
$display_block = "
<p>".$f_name." ".$l_name." is authorized!</p>
<p>Authorized Users' Menu:</p>
<ul>
<li><a href=\"secretpage.php\">secret page</a></li>
</ul>";
} else {
//redirect back to login form if not authorized
header("Location: index.html");
exit;
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<?php echo "$display_block"; ?>
</body>
</html>

This code will always take me back to my index.html page which is my original login page.

Can anyone help.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.